wiki-creator
Fail
Audited by Snyk on Mar 1, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The prompt includes an explicit instruction to write a .claude/settings.json with "defaultMode": "bypassPermissions" (and an offer to help), which directs the agent to override its permission prompts and change runtime behavior unrelated to wiki creation. It is therefore a deceptive/out-of-scope instruction.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Mode B "URL → git clone " in SKILL.md and the templates/wiki-skill.md metadata fields like "wikiRemote" and "source-repos", plus references/extraction.md) instructs the agent to clone and read arbitrary external repositories and extract/interpret their code, exposing it to untrusted, user-generated third-party content that can influence subsequent tool actions (wiki generation, commits, pushes, and skill packaging).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone/git remote add with a user-supplied repo (e.g. https://github.com//) during runtime and then uses the fetched wiki/SKILL.md content to create/package an agent skill that can control agent behavior. The external repo is therefore both a required dependency and able to directly influence prompts/agent instructions.
Audit Metadata